Re: [w3ctag/design-reviews] Review of signature-based resource loading restrictions. (#186)

> @plinss is concerned that without using certs, there's too much of a risk of fraudulent public keys allowing attackers to compromise an SRI protected resource.

As we discussed earlier, using certs seems like a thing that's possible to do. It's the core of https://tools.ietf.org/id/draft-yasskin-http-origin-signed-responses-02.html, really. I'm really unenthusiastic about reinventing the web PKI, however, and am much more interested in the Simplest Thing That Could Possibly Work(tm) approach we're taking here.

I'm not at all clear about the risks that @plinss is referring to, and they aren't clear from the minutes either. ed25519 is a fairly robust signature mechanism: what "fraudulent public key" risks am I missing?

> We'd like to ensure that it's possible to send multiple signatures on a single, so you can do key rollover

That seems reasonable to add. The client-side already supports verification via multiple public keys, so adding it to the server side seems like a thing we could do. It's not clear to me that it's necessary for use cases I know about, but it's not an unreasonable feature.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/186#issuecomment-362187668

Received on Thursday, 1 February 2018 08:02:33 UTC
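
The multiple-signature key rollover discussed in this message, as an added example (not part of the original email or of the proposal under review): a response carries one Ed25519 signature per active signing key, and the client accepts the body if any signature verifies under any public key the page pinned. The helper names `signAll` and `verifyAny`, the base64 encoding of signatures, and the sample keys and body are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed sample keys: the key being retired, its replacement,
// and a key that no page has pinned.
const oldKey = crypto.generateKeyPairSync('ed25519');
const newKey = crypto.generateKeyPairSync('ed25519');
const otherKey = crypto.generateKeyPairSync('ed25519');

// Constructed resource body.
const body = Buffer.from('console.log("widget v2");');

// Hypothetical server-side helper: one signature per active private key.
function signAll(data, privateKeys) {
  return privateKeys.map((k) => crypto.sign(null, data, k).toString('base64'));
}

// Hypothetical client-side helper: accept only if some signature verifies
// under some pinned public key. Unknown or malformed signatures are skipped.
function verifyAny(data, signaturesB64, pinnedPublicKeys) {
  for (const sigB64 of signaturesB64) {
    const sig = Buffer.from(sigB64, 'base64');
    if (sig.length !== 64) continue; // Ed25519 signatures are exactly 64 bytes
    for (const pub of pinnedPublicKeys) {
      if (crypto.verify(null, data, pub, sig)) return true;
    }
  }
  return false;
}

function rolloverScenarios() {
  const both = signAll(body, [oldKey.privateKey, newKey.privateKey]);
  const newOnly = signAll(body, [newKey.privateKey]);
  const pinnedBoth = [oldKey.publicKey, newKey.publicKey];
  return {
    // During rollover the server sends both signatures, so pages pinning
    // either key keep loading the resource.
    pageWithOldKey: verifyAny(body, both, [oldKey.publicKey]),
    pageWithNewKey: verifyAny(body, both, [newKey.publicKey]),
    // Once the old key stops signing, pages that never updated their pin fail closed.
    staleAfterRetire: verifyAny(body, newOnly, [oldKey.publicKey]),
    // A modified body or a signature from an unpinned key is rejected.
    tamperedBody: verifyAny(Buffer.from('modified'), both, pinnedBoth),
    unpinnedSigner: verifyAny(body, signAll(body, [otherKey.privateKey]), pinnedBoth),
    malformedSig: verifyAny(body, ['AAAA'], pinnedBoth),
  };
}
```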